Managed apps in the launcher

One of the less sexy but more important announcements at Google I/O last month was that Google is adopting part of Samsung's enterprise (as in corporate) security system into the L release of Android. The short version is that it'll be easier than ever to have your work data on your phone alongside your personal data, but the two will be secure and completely sandboxed. (You can get an early look at it now in the L Developer Preview, if you're so inclined.)

Today, Google and Samsung have dropped a little more info on exactly what's going on.

The grossly oversimplified version is that Google will leverage the existing profile feature — currently available on Android tablets — and use it to create a managed profile that has some centralized control for IT policy managers. In the example code provided by Google, developers can learn how to create a basic managed profile. The tools allow policy managers to:

  • Enable or disable other apps, and set restrictions on them.
  • Configure intents to be forwarded between the primary account and the managed profile.
  • Wipe all the data associated with the managed profile.

In addition, there can only be one managed profile on a device at a time.

We're sure that there's even more to learn here, and we'll hear about it as we get closer to the Android L launch. The new methods of control over Android intents sound very interesting, and may be exactly the secret sauce Google needs to get a foot in the enterprise door. I can see situations where you're unable to send a Google Drive document to your personal email, nor can you import a file from a non-managed app to a managed one.

This sort of device security is tough, and up until now only BlackBerry really does it right with a BES server. Google has a chance to change that and what we're seeing looks like a good set of tools to move forward with.

Source: Google 1, 2; Samsung


Reader comments

Google gives a few details on the enterprise management tools coming in Android L


that would suck, imo at least, i do like the new nav bar, i'm sure not all may, but i do, not that my opinion matters to google, lol.

There's an app for that, literally, sorry I don't remember it, but there is one that fixes that, which I used once, but yes would be nice to just be that way straight from release.

This seems to say they can wipe the data from a managed profile without touching the rest of the device.

I'm not sure how I feel about only being allowed one managed profile on a device at a time.

It all depends if said management profile can carry multiple items/configurations, including corporate e-mail. Will be very interesting to see how this all works...

I use Nine for exchange, it allows you to specify when you set up the exchange account whether the company security policies apply to just the email app or the entire phone. I like having pattern unlock, so this allows me to keep that and then i just have to type in a pin to open my corporate email. Plus it works WAY better than the mail app that came on my M8

aww snap getting all windows server up in here!! group policy and what not. I wonder if it will support static ip and stuff.
Posted via Android Central App
edit: what I meant to say was be part of domains.

I may be misinterpreting the photo, but I get the impression that this would also allow employers to lock out certain apps, perhaps during the workday. Is that right? If so, I can see something like this actually harming BYOD penetration, since people get all prickly when management tells them what they can and can't do with their own device, especially if the company isn't footing at least part of the bill.

And, not to go too far offtopic, but BYOD has gotten a bit out of hand. In the past, if an employer wanted an employee to have continuous access to company systems, they issued the employee a device that the company paid for. Now that employees have their own smartphones, companies more or less expect their employees to be reachable. If that's the case, shouldn't the company pay at least some of the employee's costs to carry that device?

Two years ago I gave back the company iPhone and put their SIM in my Note. I only carry one phone and consider this ideal. I can be reached at any time using my own personal device, and consider it an acceptable trade-off. Now they want full control over my hardware and data with the ability to do a full wipe (automatically, after my kids get ahold of it and enter the wrong PIN too many times). I may be forced use their phone again and simply turn it off outside business hours.

As such, something like a proper managed sandbox would work wonders to keep both work and me happy. If the Note 4 comes out with L and this feature, I will be upgrading my Note 3 rather quickly

Posted via Android Central App

What he said. Not having to carry yet another device is definitely not to be understated (especially as someone who generally carries his smartphone as well as his tablet on a regular basis). That said, I get $55/month for BYODing where I work.

Posted via Android Central App

I have tried to use Knox after my employer shoved their own total wipe MDM software onto me, but find it so limited in the apps, particularly the inability to use touchdown, which is the exchange program I use instead of the default email.If L brings a sandbox which is a little more free than Knox, as far as apps are concerned, I wouldn't mind that at all.

I understand the concern for security on our devices, especially in BYOD situations, but security decisions never seem to be made by the technically inclined, and often just make things worse

Posted via Android Central App

Security for the people who need it to work in conjunction with their firms enterprise is key in keeping the Android O/S number one and we all could use a more secure O/S, it will also help ward off to a degree the Apple/IBM Enterprise coalition.